# Set up the environment
source koobe/bin/activate
cd aeg-analysis
# Create a new project named p0
python main.py create -p p0 --vmlinux ../s2e/images/.tmp-output/linux-4.9.3-x86_64/linux-4.9.3/vmlinux -c testcases/CVE-2017-7308/packet.syz -w testcases/CVE-2017-7308 -i debian-9.2.1-x86_64
# Identify the vulnerable object
python main.py run -p p0 --findVuln
# Identify all the vulnerability sites
python main.py run -p p0 --findSites
# Search for target objects matching the capability
# (this step may take a while)
python main.py run -p p0 --findTarget
# Generate the exploit
python main.py run -p p0 --exploit
Now we should have an exploit at testcases/CVE-2017-7308/exp_packet_sock_xmit.c.

Note that not all exploit strategies are implemented, so you may see failures when generating the final exploit.
For more details, please check this.